Detections
Analytics

Mandriva Linux Security Advisory : koffice (MDVSA-2008:197-1)

medium Nessus Plugin ID 37294

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693).

This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue.

Update :

A file conflicts existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 37294

File Name: mandriva_MDVSA-2008-197.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:koffice, p-cpe:/a:mandriva:linux:koffice-common, p-cpe:/a:mandriva:linux:koffice-devel, p-cpe:/a:mandriva:linux:koffice-karbon, p-cpe:/a:mandriva:linux:koffice-kchart, p-cpe:/a:mandriva:linux:koffice-kexi, p-cpe:/a:mandriva:linux:koffice-kformula, p-cpe:/a:mandriva:linux:koffice-kivio, p-cpe:/a:mandriva:linux:koffice-koshell, p-cpe:/a:mandriva:linux:koffice-kplato, p-cpe:/a:mandriva:linux:koffice-kpresenter, p-cpe:/a:mandriva:linux:koffice-krita, p-cpe:/a:mandriva:linux:koffice-kspread, p-cpe:/a:mandriva:linux:koffice-kugar, p-cpe:/a:mandriva:linux:koffice-kword, p-cpe:/a:mandriva:linux:lib64koffice2-common, p-cpe:/a:mandriva:linux:lib64koffice2-karbon, p-cpe:/a:mandriva:linux:lib64koffice2-kchart, p-cpe:/a:mandriva:linux:lib64koffice2-kexi, p-cpe:/a:mandriva:linux:lib64koffice2-kformula, p-cpe:/a:mandriva:linux:lib64koffice2-kivio, p-cpe:/a:mandriva:linux:lib64koffice2-kpresenter, p-cpe:/a:mandriva:linux:lib64koffice2-krita, p-cpe:/a:mandriva:linux:lib64koffice2-kspread, p-cpe:/a:mandriva:linux:lib64koffice2-kugar, p-cpe:/a:mandriva:linux:lib64koffice2-kword, p-cpe:/a:mandriva:linux:libkoffice2-common, p-cpe:/a:mandriva:linux:libkoffice2-karbon, p-cpe:/a:mandriva:linux:libkoffice2-kchart, p-cpe:/a:mandriva:linux:libkoffice2-kexi, p-cpe:/a:mandriva:linux:libkoffice2-kformula, p-cpe:/a:mandriva:linux:libkoffice2-kivio, p-cpe:/a:mandriva:linux:libkoffice2-kpresenter, p-cpe:/a:mandriva:linux:libkoffice2-krita, p-cpe:/a:mandriva:linux:libkoffice2-kspread, p-cpe:/a:mandriva:linux:libkoffice2-kugar, p-cpe:/a:mandriva:linux:libkoffice2-kword, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/16/2008

Reference Information

CVE: CVE-2008-1693

BID: 28830

CWE: 20

MDVSA: 2008:197-1